HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 118 guests and 5 members online
EH-Net News Feeds
Latest Additions
 
Advertisement

You are here: Home arrow Forum arrow Columnsarrow RichMarrow Verifier - free open source checksum verification
EH-Net
February 10, 2012, 07:41:45 AM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Advertise on EH-Net!! - Reasonable Rates, Highly Targeted Audience.
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: Verifier - free open source checksum verification  (Read 16417 times)
0 Members and 1 Guest are viewing this topic.
RichM
EH-Net Columnist
Newbie
*****
Offline Offline

Posts: 49


View Profile
« on: September 22, 2007, 09:58:49 PM »
Black hats have become more and more clever, what once seemed the stuff of hollywood movies, is now reality; good software is being packaged with malware.  A quick google search will reveal that major software repositories (even the likes of sourceforge) have been compromised and unwanted payloads have often been passed off as the regular code that users of the site were looking to download. This is not a new issue, but it is becoming more prevelant and wide spread. As time consuming as it sounds, we have no choice but to verify that the package is what the publishers intended it to be.  The problem is that the programs used for checksum verification cost more than most budgets are equipped for (usually $1.00 past free).

Once again I have to plead poverty, and by I, I mean my organization.  It may seem trivial to some, but spending $25-30.00 on a "security tool" is unconscionable. For that reason that I had to forgo a lot of very reliable tools, until I found verifier.  I had almost given up hope, when finally the right combination of search terms brought me to this amazing tool, found here http://sourceforge.net/projects/verifier/ Verifier works on 63 hashing algorithms including MD5, SHA-1, Ripemd, etc.  It is an impressive list.  Overall it is a great piece of open source software, but their is one major drawback...it's old.  The next version was due out Sept. 6, 2004 but apparently that wasn't to be. I am using it with cautious optimism, hopefully some of you will take the plunge as well.
Logged
0blivi0n
Newbie
*
Offline Offline

Posts: 11


View Profile
« Reply #1 on: September 24, 2007, 03:46:38 AM »
looks quite interesting....i'll give it a try!
thanx for the info!!
Logged
jimbob
Sr. Member
****
Offline Offline

Posts: 414



View Profile WWW
« Reply #2 on: September 24, 2007, 03:11:07 PM »
Quote from: RichM on September 22, 2007, 09:58:49 PM
The problem is that the programs used for checksum verification cost more than most budgets are equipped for (usually $1.00 past free).
There are plenty of free tools to check all manner of checksums. I can think of cksum, md5sum and sha1sum off the top of my head.
Quote from: RichM
Once again I have to plead poverty, and by I, I mean my organization.  It may seem trivial to some, but spending $25-30.00 on a "security tool" is unconscionable. For that reason that I had to forgo a lot of very reliable tools, until I found verifier.
Most sites publish the MD5 and/or SHA1 sums for files they want to distribute, so a tool supporting 63 different checksums may seem overkill. It's good to have a tool that does all these checksums though, you never know when you might want it.

Better than checksums for verifying package integrity is cryptographic signing with a public/private key system like GPG. RPM for example has support for signed packages so you can verify their integrity without spending undue time on the process.

Regards,
Jimbob
Logged
RichM
EH-Net Columnist
Newbie
*****
Offline Offline

Posts: 49


View Profile
« Reply #3 on: September 24, 2007, 09:16:52 PM »
Jimbob,

I can appreciate the tools you mentioned, but they mostly are singular in nature.  I like the idea of having one tool that can do it all. 

Also, I agree PGP is the way to go, but most vendors barely provide md5 or SHA1 hashes; I think we are a few years away from PGP becoming the norm for the average vendor.
Logged
don
Editor-In-Chief
Administrator
Hero Member
*****
Offline Offline

Posts: 3845


Editor-In-Chief


View Profile WWW
« Reply #4 on: September 28, 2007, 12:22:32 PM »
Try this one:

http://sourceforge.net/projects/fsumfe/

Don
Logged
CISSP, MCSE, CSTA, Security+ SME
RichM
EH-Net Columnist
Newbie
*****
Offline Offline

Posts: 49


View Profile
« Reply #5 on: September 28, 2007, 10:47:44 PM »
Ummm, well yeah...I guess that is why you are the editor Smiley 

I honestly searched up and down for a freeware checksum verification tool, and Verifier was all I found.  Clearly I need to brush up on my google hacking skills, b/c what you found is more recent (and most importantly relevant). 

I have never claimed to know everything, and based on this thread I am not going to start now Wink I have not d/l this prog yet but it is on my short list of to do items.
Logged
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.16 | SMF © 2011, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.272 seconds with 24 queries.
 

gk_static-ad_feb2012.jpg
Global Knowledge Training: Build Security Skills to Protect and Defend

offsec_130x200-2_jan-feb2012.png
Offensive Security
AWE Live in the Caribbean!
March 5 - 9, 2012

SANS Deals 4 EH-Netters
$150 OFF Any SANS Course in Any Format!
Coupon Code: Refer_EHN
Including SANS Phoenix 2012, SANS 2012
Recent Forum Topics

cbtnuggets_logo_125.jpg
Try CBT Nuggets Free!

Vote For EH-Net

Add to Technorati Favorites
technorati fave

 
         
Advertisement

© 2012 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.